aboutsummaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorJosef Bacik <josef@redhat.com>2010-10-26 12:52:53 -0400
committerJosef Bacik <josef@redhat.com>2010-10-26 12:52:53 -0400
commit382279336f428c80f344edfc30d53797e3e76146 (patch)
tree91b1acbc1f60430742ace0b9155c4a014b7dbbaf /fs/btrfs
parent0e78340f3c1fc603e8016c8ac304766bcc65506e (diff)
downloadkernel_samsung_espresso10-382279336f428c80f344edfc30d53797e3e76146.zip
kernel_samsung_espresso10-382279336f428c80f344edfc30d53797e3e76146.tar.gz
kernel_samsung_espresso10-382279336f428c80f344edfc30d53797e3e76146.tar.bz2
Btrfs: set trans to null in reserve_metadata_bytes if we commit the transaction
btrfs_commit_transaction will free our trans, but because we pass trans to shrink_delalloc we could possibly have a use after free situation. So instead if we commit the transaction, set trans to null and set committed to true so we don't keep trying to commit a transaction. This fixes a panic I could reproduce at will. Thanks, Signed-off-by: Josef Bacik <josef@redhat.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/extent-tree.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index 180a501..e2dfd4a 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -3157,6 +3157,7 @@ static int reserve_metadata_bytes(struct btrfs_trans_handle *trans,
int retries = 0;
int ret = 0;
bool reserved = false;
+ bool committed = false;
again:
ret = -ENOSPC;
@@ -3249,17 +3250,19 @@ again:
goto out;
ret = -EAGAIN;
- if (trans)
+ if (trans || committed)
goto out;
-
ret = -ENOSPC;
trans = btrfs_join_transaction(root, 1);
if (IS_ERR(trans))
goto out;
ret = btrfs_commit_transaction(trans, root);
- if (!ret)
+ if (!ret) {
+ trans = NULL;
+ committed = true;
goto again;
+ }
out:
if (reserved) {